Data Privacy Compliance Support

We support compliance. You lead the legal process.

We can help you implement the necessary tools and practices to comply with major data privacy laws, including GDPR, CCPA/CPRA, and others.

Our work includes:

  • Configuring consent management solutions to align with your marketing tools
  • Following your legal team’s guidance to ensure your site respects user data while maintaining performance and UX

Key regulations that may apply to your website

United States

U.S. State Privacy Tracker: this site tracks comprehensive US state privacy bills such as CCPA/CPRA, VCDPA, etc.


Do you have to comply in the US?

A ‘yes’ answer to any question means you will likely need to comply.

  • Do you collect or process personal data (e.g., names, emails, IP addresses, cookie IDs) from individuals located in California, Colorado, or Virginia?
  • Do you offer goods or services (even for free) to people in California, Colorado, or Virginia — such as an online storefront, app download, newsletter signup, or targeted advertising?
  • Do you monitor or track behavior of individuals in California, Colorado, or Virginia — e.g., via analytics, cookies, location data, or profiling?

European Union

What is GDPR? This site helps you understand GDPR and determine what parts of it apply to you.


Does GDPR apply to your business?

A ‘yes’ answer to any question means you will likely need to comply.

  • Do you collect or process personal data (e.g., names, emails, IP addresses, cookie IDs) from individuals located in the EU?
  • Do you offer goods or services (even for free) to people in the EU — such as an online storefront, app download, newsletter signup, or targeted advertising?
  • Do you monitor or track behavior of EU-based individuals — e.g., via analytics, cookies, location data, or profiling?

A look at compliance requirements and enforcement

GDPR

  • Requirements: Any business processing the personal data of EU residents, regardless of company size or revenue.
  • Consent banner: Mandatory. Must inform users about cookies, their purpose, and seek explicit consent before setting non-essential cookies.
  • Non-essential cookies: Opt-in
  • Enforcement: Enforcement by Data Protection Authorities (DPAs) in EU member states. Heavy fines (up to 4% of global turnover).

CCPA & CPRA

  • Requirements: Businesses with $25 million in gross annual revenue, or those that buy, sell, or share data of 50,000+ consumers.
  • Consent banner: Not required. Businesses must include a notice of cookie usage and an opt-out for the sale of personal information.
  • Non-essential cookies: Opt-out
  • Enforcement: Enforcement by California Attorney General; penalties for non-compliance can range from $2,500 to $7,500 per violation.

VCDPA

  • Requirements: Businesses with $100 million in gross annual revenue or those that process data of 100,000+ consumers.
  • Consent banner: Not required. Mandatory if collecting or processing sensitive categories of personal data. Requires clear notice of data collection and cookies in privacy policy.
  • Non-essential cookies: Opt-out
  • Enforcement: Enforcement by the Virginia Attorney General; penalties for non-compliance can be up to $7,500 per violation.

CPA

  • Requirements: Businesses with $25 million in gross annual revenue or those that process data of 100,000+ consumers.
  • Consent banner: Not required. Businesses must provide notice of cookie use in a clear and accessible manner.
  • Non-essential cookies: Opt-out
  • Enforcement: Enforcement by the Colorado Attorney General; penalties for non-compliance can range from $2,000 to $20,000 per violation.

Cookies and consent

What types of cookies require consent?

Strictly necessary

Essential for site function (e.g., forms, shopping cart)

Analytics

Behavior tracking (e.g., Google Analytics and other tracking scripts)

Advertising / marketing

Personalized ads (e.g., Facebook Pixel, Google Ads, etc.)

Functionality / preference

Language, region settings

Social media

Embedded videos, logins (e.g., YouTube, Vimeo, etc.)

How to install the cookie manager and meet compliance requirements

Your responsibilities

  • Consult legal counsel
  • Create a compliant privacy policy
  • Conduct website and tool data inventory
  • Add consent text and privacy policy link to all embedded forms on the site
  • Choose a cookie manager: We recommend Cookiebot – here’s how to set it up
  • After deployment, conduct regular checks to maintain compliance

Orbit responsibilities

  • Add consent text and privacy policy link to all non-embedded forms on the site
  • Install and configure the cookie manager (e.g., Cookiebot)
  • (Optional) Eliminate unnecessary data storage

Set up your Cookiebot account in 3 simple steps

Cookiebot powers cookie management on orbitmedia.com and hundreds of our clients’ sites.

To get started, please follow these steps:

  1. Email your Project Manager with the contact information for the person or team who will manage Cookiebot on your end.
  2. Orbit will send an email to this contact from Cookiebot. They will then need to accept the Cookiebot invitation in their inbox and follow the link to complete the initial setup.
  3. Within 14 days, log in to your Cookiebot dashboard to complete the setup, finish configuration, and add payment details.

Important: A paid Cookiebot account is required. Pricing is based on the number of pages on your site and will automatically adjust if your page count changes.

The default Cookiebot configuration

When implementing Cookiebot, Orbit will configure it so that users visiting the site from the United States receive the CCPA configuration and users from everywhere else receive the GDPR configuration. Please communicate any additional requirements from your legal team for more specific settings.

United States (CCPA & CPRA)

  • Opt-Out
  • Cookies are accepted by default
  • Banner not shown by default
  • Users can change their consent and will see a banner that includes options like “OK” and “Do Not Sell My Personal Information”

European Union (GDPR)

  • Opt-In
  • Banner requires users to accept cookies before any non-essential cookies are set
  • Cookie categories are not pre-selected
  • User must actively consent

The impact

What happens after a cookie manager is installed?

Post-deployment

  • A cookie banner may appear when the site loads
  • There will likely be a reduction in recorded traffic reporting in Google Analytics
  • Third-party content (e.g., embedded videos, maps, or other embedded scripts) may be blocked until consent is given
  • Useful Cookiebot resources

Ongoing maintenance

  • Review monthly cookie manager scan reports
  • Update Tag Manager tags and triggers
  • Adjust third-party scripts as needed
  • Orbit Support available for help (billed separately)

We’re here to help

Our recommendation is to use Cookiebot for cookie consent. However, if you already use another platform or choose to forgo implementation, we can accommodate that as well. Just let your PM know.

And remember, we are not legal experts. We’re website professionals, and we will follow your legal team’s guidance to implement a cookie manager.

One more thing…

If your site doesn’t currently have a cookie manager, we typically hold off on installing one for a month after launch. We do this for a couple of reasons:

  • Installing a cookie manager will result in less traffic being reported in Google Analytics – this is completely normal and expected.
  • If we wait a month to install it, we can obtain data that is clean and unrestricted from the cookie manager for pre- and post-launch comparison.